nginx vs apache as a reverse proxy

Linden Varley Linden.Varley at
Wed Mar 4 04:00:46 MSK 2009

Apache mod_python has to be there since it's an interface to a framework which serves images. I can try to move to mod_wsgi on nginx but what I was more trying to do was test the performance of Nginx vs Apache purely as a reverse proxy server in a DMZ. (The backends are a multitude of things such as tomcat, mod_python, CMS, IIS, apache etc.)

Nginx definitely has a smaller footprint and performs better at higher loads but at the expense of an increase in sockets on the backend servers. This will probably require some tuning at the backend to decrease the TIME_WAIT connection states and disabling keep-alives for all applications.

Not bashing nginx in any way at all, just wanted to see if what I was seeing makes sense and if anyone else had experiences.

- Linden

-----Original Message-----
From: owner-nginx at [mailto:owner-nginx at] On Behalf Of Cliff Wells
Sent: Tuesday, 3 March 2009 3:12 PM
To: nginx at
Subject: RE: nginx vs apache as a reverse proxy

On Tue, 2009-03-03 at 14:16 +1100, Linden Varley wrote:
> Sorry I should have mentioned that the requests per second are also
> slightly higher with apache over nginx. Although it’s a marginal
> amount it is consistent.

Then you are probably right that it has to do with no keepalive for
backend connections.

One thing I wonder is if restructuring your stack a bit wouldn't make a
lot of difference. You say you are serving your static images via
mod_python... what's the logic there?  Are the images dynamically
generated by Django or some other Python web framework?

> Yes the backend server has a large number of sockets in TIME_WAIT and
> yes keep-alive is on on the backend too. Turning it off does actually
> close the gap which is much better, but are there any plans for the
> proxying in nginx to support keep-alives?

I think it's planned but I'm unaware of any time-frame.

> It plays havoc with the firewall too since it creates a new state
> entry in the state table for each socket.

Can you eliminate this firewall?  If the Apache server isn't
public-facing, I think I'd just give it a non-routable IP and get rid of
the firewall.

